首页
社区
课程
招聘
ios6 下后台发送短信
发表于: 2013-3-4 22:03 14086

ios6 下后台发送短信

2013-3-4 22:03
14086
ios6以后无法通过CTMessageCenter来后台发送短信了;

分析CKClientComposeConversation类里的- (void)sendMessage: newComposition:
发现发送短信是通过xpc_connection_sendmessage给另外个程序来发送的,于是无聊也来实现了一下;
代码很简单:
        id connection = [CKClientComposeConversation _xpcConnection];
        
        NSMutableArray* recipient = [[NSMutableArray alloc] initWithCapacity:0];
        NSString *tar = [NSString stringWithFormat:@"10086"];
        [recipient addObject:tar];
        
        const char* text = [[NSString stringWithFormat:@"34"] UTF8String];
        const char* guid = [[self gen_uuid] UTF8String];
        
        id dictionary = xpc_dictionary_create(0, 0, 0);
        IMInsertIntsToXPCDictionary(dictionary, "message-type", 0, 0);
        IMInsertArraysToXPCDictionary(dictionary, "recipients", recipient, 0);
        IMInsertStringsToXPCDictionary(dictionary, "markup", text, 0);
        IMInsertStringsToXPCDictionary(dictionary, "guid", guid, 0);
        
        xpc_connection_send_message(connection, dictionary);

这样就ok了,这时问题出现了,提示没有足够的权限。于是吧这段代码生成deb安装到root目录下一跑,短信发出去了。可惜了,必须越狱后才可以实现了,不过上面的方法最终还是有系统固件MobileSMS来发送的,所以短信里还是有纪录的..

希望有用...

[招生]系统0day安全班,企业级设备固件漏洞挖掘,Linux平台漏洞挖掘!

收藏
免费 0
支持
分享
最新回复 (11)
雪    币: 129
活跃值: (31)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
2
忘记需要带的framework了, XPCObjects和IMFoundation这2个framework
定义即个c函数

extern int xpc_connection_get_pid(id p1);
extern char* xpc_connection_get_name(id p1);
extern id xpc_dictionary_create(int p1, int p2, int p3);
extern id xpc_connection_send_message(id p1, id p2);

extern bool IMInsertIntsToXPCDictionary(id p1, const char* p2, int p3, int p4);
extern bool IMInsertArraysToXPCDictionary(id p1, const char* p2, id p3, int p4);
extern bool IMInsertStringsToXPCDictionary(id p1, const char* p2, const char* p3, int p4);

@interface CKClientComposeConversation : NSObject
{
    NSMutableArray *_composeRecipients;
    BOOL _supportsAttachments;
    BOOL _forceMMS;
}

+ (double)maxTrimDurationForVideo;
+ (double)maxTrimDurationForAudio;
+ (id)_xpcConnection;
+ (double)maxTrimDurationForMediaType:(int)arg1;
+ (id)_newMessageWithComposition:(id)arg1 guid:(id)arg2;
+ (id)_copyEntityForAddressString:(id)arg1;
@property(nonatomic) BOOL forceMMS; // @synthesize forceMMS=_forceMMS;
- (void)addRecipientAddress:(id)arg1;
- (id)copyEntityForAddressString:(id)arg1;
- (BOOL)restrictMediaObjects;
- (BOOL)canSendMessageComposition:(id)arg1 error:(id *)arg2;
- (BOOL)canSendMessageWithParts:(id)arg1 subject:(id)arg2 error:(id *)arg3;
- (BOOL)isValidAddress:(id)arg1;
- (double)maxTrimDurationForMediaType:(int)arg1;
- (void)newMessageContentChangedWithComposition:(id)arg1;
- (BOOL)shouldShowCharacterCount;
- (id)serviceDisplayName;
- (int)buttonColor;
- (id)displayNameForMediaObjects:(id)arg1 subject:(id)arg2;
- (id)groupID;
- (void *)abRecord;
- (id)recipient;
- (id)recipients;
- (BOOL)canSendToRecipients:(id)arg1 withAttachments:(id)arg2 alertIfUnable:(BOOL)arg3;
- (BOOL)canAcceptMediaObjectType:(int)arg1 givenMediaObjects:(id)arg2;
- (BOOL)canAcceptMediaObject:(id)arg1 givenMediaObjects:(id)arg2;
- (void)loadAllMessages;
- (void)addMessage:(id)arg1;
- (id)newMessageWithComposition:(id)arg1;
- (id)newMessageWithComposition:(id)arg1 addToConversation:(BOOL)arg2;
- (id)newMessageWithComposition:(id)arg1 guid:(id)arg2 addToConversation:(BOOL)arg3;
- (id)preferredServiceWithCanSend:(char *)arg1 error:(int *)arg2;
- (id)_preferredServiceCheckWithServer:(BOOL)arg1 canSend:(char *)arg2 error:(int *)arg3;
- (BOOL)reloadIfStale;
- (id)unsentComposition;
- (void)dealloc;
- (id)initWithChat:(id)arg1 updatesDisabled:(BOOL)arg2 supportsAttachments:(BOOL)arg3;
- (BOOL)canSendMessageWithMediaObjectTypes:(int *)arg1;
- (void)sendMessage:(id)arg1 newComposition:(BOOL)arg2;
- (int)_maxAttachmentCount;

@end
2013-3-4 22:06
0
雪    币: 151
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
3
感谢分享。。。
2013-3-4 23:23
0
雪    币: 304
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
4
楼主V5,感谢分享哦
2013-3-5 08:59
0
雪    币: 2203
活跃值: (1021)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
5
其实我更想知道是如何分析的
2013-3-5 09:14
0
雪    币: 261
活跃值: (83)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
6
我在想知道LZ是如何分析的同时 ,还想知道“CTMessageCenter来后台发送短信”这是什么时候的事儿? IOS5上可以用哪款软件实现?
2013-3-5 19:09
0
雪    币: 487
活跃值: (30)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
7
楼主V5, 当时研究了很久没研究出来。
2013-3-8 18:18
0
雪    币: 487
活跃值: (30)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
8
按照楼主的代码发短信出现SpringBoard[131] <Warning>: Process trying to use client compose server lacks entitlement!
这个错误,如何破? 楼主给程序签名有加什么权限没?
我运行是ssh登录到手机用root权限运行的,后边还试了做成deb包在安装后脚本中执行,还用ssh单独执行都没成功~
2013-3-11 16:15
0
雪    币: 129
活跃值: (31)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
9
............
在springboard进程中调用则可成功.
2013-3-12 23:00
0
雪    币: 7
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
10
感谢分享.论坛牛人好多.
2013-3-16 19:31
0
雪    币: 1708
活跃值: (586)
能力值: ( LV15,RANK:670 )
在线值:
发帖
回帖
粉丝
11
会不会在短消息里留下记录?
2013-3-16 19:46
0
雪    币: 178
活跃值: (159)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
12
赞一个,学习收藏
2013-3-16 20:57
0
游客
登录 | 注册 方可回帖
返回
//